Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

added new DC and transferred FSMO roles

Posted on 2014-09-15
9
Medium Priority
?
150 Views
Last Modified: 2014-10-07
I recently added a new DC.  Once added and verified that DNS replicated I transferred the FSMO roles.  I did this so I could migrate the old DC to new hardware.  I'm getting the below error.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          9/14/2014 3:57:10 AM
Event ID:      2092
Task Category: Replication
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      myDCname.domain.local
Description:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
 
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
 
FSMO Role: CN=Schema,CN=Configuration,DC=mydomain,DC=local
0
Comment
Question by:gopher_49
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40323470
Follow the instructions here to SEIZE the schema role and then run a netdom query to validate:
netdom query FSMO
http://www.petri.com/seizing_fsmo_roles.htm

Once you have the roles moved and you validate AD replication is as expected, I suggest you demote the old DC and do a metadata cleanup.
0
 
LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 40323480
How did you transfer the roles? Did you size the role after transfer?

At the command prompt on the server enter
netdom query FSMO
This will list the FSMO roles on the server, size the the missing role(s) by using "Ntdsutil"

Also, check this MS KB http://support.microsoft.com/kb/2102154

Regards
0
 

Author Comment

by:gopher_49
ID: 40323494
I want to keep the old DC.  I just needed to migrate the VM to different hardware and it was my only DC.  So.  I added a new DC and then transferred the roles.  I then powered off the old DC and migrated that VM and powered it back on.

When running the fsmo query it shows my new dc to have the roles.  I did not seize  the schema role prior to running the command.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 36

Expert Comment

by:Seth Simmons
ID: 40323585
When running the fsmo query it shows my new dc to have the roles.

which one did you run that on?  run on both and see if the results on both are accurate
0
 

Author Comment

by:gopher_49
ID: 40323754
Okay.  Ill run it on both and will report back shortly.
0
 

Author Comment

by:gopher_49
ID: 40325739
I ran the command on both DC's and the results where the same.  It was successful and shows the new DC to be the role holder for all roles.  The error posted at the top of the post was from a few days ago.  Nothing has changed except for online defrags finishing successfully.
0
 
LVL 36

Accepted Solution

by:
Seth Simmons earned 2000 total points
ID: 40332604
if that error hasn't appeared since, i would say it was a transient error from when the fsmo roles were transferred and you won't be seeing it again since there have been no other messages and dcdiag is good on both systems since

often times when roles change, services are restarted, etc. transient messages like that will appear once in the beginning then go away
0
 

Author Comment

by:gopher_49
ID: 40332660
okay..  I'll watch the event logs over the next few days to assure it's okay and will update everyone.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40332683
This has been seen in some instances where replication had not caught up. It might have just been the case here, since it has nit repeated since.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question